Menu

Cyber Insurance Coverage Disputes


Overview

Global cyber-crime losses are estimated to be in the trillions of dollars annually and will continue to increase at a rapid pace. Cybersecurity industry spending to counter the growing threat is likewise rapidly increasing, and will soon surpass the trillion dollar mark in worldwide annual spending. 
 
Insurers have long provided coverage for certain types of “cyber” losses under traditional policies and coverages. But the last decade has witnessed the emergence of an entirely new line of insurance dedicated specifically to protecting against the risk of “cyber” losses that have plagued individuals, businesses, and government entities, including: 
 

  • Data breach
  • Phishing and other social engineering fraud schemes
  • Ransomware attacks
  • DOS and malware attacks
  • Intellectual property theft
  • Improper storage, handling and disposal of personal information
  • Improper collection of consumer data
  • Theft or destruction of digital assets
  • System malfunctions and staff errors
 
Carlton Fields’ coverage team has been at the forefront of counseling and litigating “cyber” coverage disputes for insurers since long before data breaches made news, or standalone “cyber” coverages were developed. Carlton Fields’ coverage lawyers have handled some of the most high-profile and high-dollar cyber coverage disputes. We have counseled insurers regarding coverage for data breaches, malware attacks, political hactivism, social engineering/phishing/spoofing schemes, and misappropriation of intellectual property. We have analyzed “cyber” coverage issues under traditional coverages, including CGL and fidelity policies (and particularly the “computer systems fraud” rider), as well as newer “cyber” specific package policies, that include first-party coverages, such as data restoration and replacement, business interruption, and breach response costs, as well as third-party liability coverages, including security and privacy liability, derivative vendor and contractual liability, and internet media liability. 
 
Many coverage issues raised under cyber policies are familiar: notice and cooperation conditions, “other insurance” provisions, exclusions, priority of coverage in excess towers, notice of circumstances, etc. But many are untested, including new definitions, such as “electronic data,” “denial of service attack,” and “malicious code,” new coverage grants, and new exclusions for everything from power surges to the illegal collection of personal information.  First-party coverages raise difficult valuation issues where digital assets cannot be restored, or where disabled software and computer systems become obsolete. Carlton Fields’ coverage lawyers have worked with numerous forensics experts, brokers, law enforcement, and regulators specializing in cybersecurity.
 
Carlton Fields’ coverage lawyers also draw from the firm’s inter-disciplinary cybersecurity and privacy team, which focuses our attorneys’ combined professional experiences on the frontlines of cybersecurity across numerous industries, including energy, tech, and health care. We are an ISO 27001:2013 certified firm, and our cybersecurity and privacy team includes attorneys who have earned the designation of Certified Information Privacy Professional (CIPP/US), Certified Information Privacy Manager (CIPM), and Certified Information Privacy Technologist (CIPT), as well as former federal cybersecurity prosecutors. They are active and have held leadership positions in data privacy and cybersecurity organizations, such as:
 
  • International Association of Privacy Professionals (IAPP)
  • The Sedona Conference Working Group on Data Security and Privacy Liability
  • DRI - Data Management and Security Committee
  • ABA - Privacy and Computer Crime Committee CLE Working Group
  • ABA - Computer and Software Legislation Committee
  • ABA - Electronic Filing Committee
  • ABA - Internet Relationships and Cloud Computing Committee
  • ABA - Section of Science & Technology Law
  • The International Security Management Association 
  • ISACA (Information Systems Audit and Control Association)
 
The task force attorneys’ work includes:
  • Data breach and incident response
  • Data privacy and information security policy drafting and implementation 
  • Federal and state privacy laws 
  • International privacy regulations and global policies
  • Employee privacy issues
  • Website and social networking issues
  • Class action and litigation
  • Represent clients in data privacy litigation brought by federal and state regulators

 
The experience and knowledge of our cybersecurity and privacy task force is complemented by Carlton Fields’ longstanding reputation as a leader and go-to firm for coverage disputes of all types. This combination ensures that we are prepared to handle any and all cyber coverage issues with the expert and efficient service our insurer clients expect.  

All Insights

New Opinions From Second and Sixth Circuit Courts Rock Phishing Loss Coverage Landscape

New Opinions From Second and Sixth Circuit Courts Rock Phishing Loss Coverage Landscape

July 16, 2018

On July 6, the Second Circuit Court of Appeals set off some fireworks in the insurance coverage litigation field when it found coverage for a “social engineering”/phishing scheme loss, bucking the trend among its sister courts.

Featured Insights

Disclaimer

The information on this website is presented as a service for our clients and Internet users and is not intended to be legal advice, nor should you consider it as such. Although we welcome your inquiries, please keep in mind that merely contacting us will not establish an attorney-client relationship between us. Consequently, you should not convey any confidential information to us until a formal attorney-client relationship has been established. Please remember that electronic correspondence on the internet is not secure and that you should not include sensitive or confidential information in messages. With that in mind, we look forward to hearing from you.